<% /**
	* login.jsp
	* 
	* Page containing the forms which allow a user to recover their password
	*
	* @author Chris Avery
	*/
%>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@page import="b1w1nn1ng.crossf1t.gui.*"%>
<%@page import="b1w1nn1ng.crossf1t.business.*"%>
<%@page import="b1w1nn1ng.crossf1t.db.*"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<title> Reset Password </title>
		<jsp:include page="/detectBrowser.jsp" />	
	</head>
	<body>
		<div id="container">
		<h1> Reset Password </h1> <hr />
		<form action="loginResetPassword.jsp" method="get">
			<%

			if(request.getParameter("username") == null) {
				//if the user hasn't input a username yet, we give them a blank field asking for it
				out.println("<table><tr>");
				out.println("<td>Enter your username: </td>");
				out.println("<td><INPUT name=\"username\" type=\"text\" MAXLENGTH=\"30\"><br /></td>");	
				out.println("</tr><table><br />");
				out.println("<input type=\"submit\" value=\"Continue\"/>");
				out.println("<input type=\"button\" value=\"Cancel\" onclick=\"window.location =\'login.jsp\'\"/>");
			} else {
				//if they've entered a username, check it. I TRIED to make this only hit the database once and it didn't work.
				User user = Login.getUserByUsername(request.getParameter("username"));
				if(request.getParameter("answer") == null){
					if(user != null) {
						//and the username is valid, populate the username field for them and prompt for the password
						out.println("<table><tr>");
						out.println("<td>Enter your username: </td>");
						out.println("<td><INPUT readonly name=\"username\" type=\"text\" MAXLENGTH=\"30\" VALUE=\""+request.getParameter("username")+"\" /></td>");
						out.println("</tr><tr>");
						out.println("<td>"+user.getQuestion()+"</td>");
						out.println("<td><input name=\"answer\" type=\"text\" maxlength=\"30\" /></td>");
						out.println("</tr><table><br />");
						out.println("<input type=\"submit\" class=\"submit\" value=\"Submit\"/>");
						out.println("<input type=\"button\" value=\"Cancel\" onclick=\"window.location =\'login.jsp\'\"/>");
					} else {
						//and if the username is invalid, reprompt them for that
						out.println("That username does not exist. Please check your spelling and try again.<br /><br />");
						out.println("<table><tr>");
						out.println("<td>Enter your username: </td>");
						out.println("<td><INPUT name=\"username\" type=\"text\" MAXLENGTH=\"30\"><br /></td>");
						out.println("</tr><table><br />");
						out.println("<input type=\"submit\" class=\"submit\" value=\"Continue\"/>");
						out.println("<input type=\"button\" value=\"Cancel\" onclick=\"window.location =\'login.jsp\'\"/>");
						
					}
				} else {
					//if they have both a valid username and answer, we check their answer
					if(user.getAnswer().equals(request.getParameter("answer"))) {
						//if the answer is correct, tell them they succeeded, print their info, and let them go to the login page
						out.println("Hello, "+user.getFirstName()+"!<br /><br />");
						out.println("Your password has been changed to a temporary password.<br /><br />");
						String tempPass = Login.generateRandomPassword(8);
						user.setPassword(tempPass);
						out.println("Your new temporary password is: "+tempPass+"<br /><br />");
						out.println("Please use your temporary password to log in, and then change your password from the settings page.<br /><br />");
						out.println("<input type=\"button\" class=\"submit\" value=\"Return to the login screen\" onclick=\"window.location =\'login.jsp\'\"/>");
					} else {
						//if the answer is incorrect, reprompt them for that
						out.println("The answer you provided did not match the answer to your security question. Please try again.<br /><br />");
						out.println("<table><tr>");
						out.println("<td>Enter your username: </td>");
						out.println("<td><INPUT readonly name=\"username\" type=\"text\" MAXLENGTH=\"30\" VALUE=\""+request.getParameter("username")+"\" /></td>");
						out.println("</tr><tr>");
						out.println("<td>"+user.getQuestion()+"</td>");
						out.println("<td><input name=\"answer\" type=\"text\" maxlength=\"30\" /></td>");
						out.println("</tr><table><br />");
						out.println("<input type=\"submit\" class=\"submit\" value=\"Submit\"/>");
						out.println("<input type=\"button\" class=\"submit\" value=\"Cancel\" onclick=\"window.location =\'login.jsp\'\"/>");
					}
				}
			}
		
			%>
			</table>
		</form>
		</div>
	</body>
</html>

